You are not logged in Log in Join
You are here: Home » Members » 4AM Productions (Evan Simpson) » PythonMethodWiki » CurrentBehavior » wikipage_view
Log in
Name

Password

 
Link icon Forgot your password?
 
Print
FrontPage »

CurrentBehavior

Python Methods Current Behavior

  • uses GuardedBlock for security
  • copies methods from DocumentTemplate.DT_Util.TemplateDict into the builtins dictionary, and also provides access to a TemplateDict instance through the name "_".
  • recurses into code blocks, allowing lambdas and nested function definitions.

GuardedBlock security

  • co_names is checked for multi-character names beginning with "_".
  • print statements are replaced with calls to a function that stores the text in a list. The concatenation of these strings is available through global variable printed. If printed is not read, but print statements are used, a warning is printed.
  • assignment statements are only allowed if the target list is a local or global variable name. This prevents assignments to attributes, items, or slices.
  • del and exec statements are not allowed, and import is not usable.
  • return, assert, try/finally, try/except/else, pass, raise, break, continue, global, if/elif/else, for/else, and while/else are not changed or restricted.
  • The only other statements are expression statements. Expression evaluation is altered so that multiplication operations are replaced with calls to careful_mul from DocumentTemplate.VSEval.
  • Since CodeBlock compiles a function in an empty global namespace with no builtins, the function is flagged restricted, and cannot access internal attributes such as im_func.
Copyright (c) 2011 Zope Foundation. All rights reserved. Legal | Contact
If you can read this text, it means you are not experiencing the Plone design at its best. Plone makes heavy use of CSS, which means it is accessible to any internet browser, but the design needs a standards-compliant browser to look like we intended it. Just so you know ;)